iM»m) mmm t mi 98c mam t mrnvma « ;c/9-Jiixd3-oidsn:iiAS « Imi mm m^^i] m tvm mum iv OAoy . mt 39Vd 



EN THE CLAIMS: 

This listing of claims will repkce all prior versions, and listings, of claims in the application. 
Listing of Clidms 
1,-9. (Cancelled) 

10. (Currently amended) A method for detecting the presence of a computer virus, the 
method comprising; 

receiving, at a bait server, a request for access to perform q Amotion on tiae bait server^ 
wherein the bait server's address is not published to a networic and wherein receipt of the request 
indicfttcH tViat a vinifi attack is in urpgress: 

identii^dng an ofiending system from which the request originated; 

alerting a local server that [[a]] toe virus attack is in progress and of the identity of the 
offending system; and 

disconnecting the ofifending system from the network. 

(Original) Tliemethodas tedted in claim 10, fiirther comprising: 
prior to disconnecting the ofSmding system, notifying the offending system that it is 
infected with a virus, 

12. (Original) The method as recited in claim 1 0, further comprising: 
receiving a reconnect request from the offending system; 

verifying that the offending system is disinfected and available to reconnect to the 
network; and 

reconnecting the offending system to the network. 

13. (Cancelled) 

14. (Cancelled) 
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15. (Cancelled) 

16. (Currently amended) A method in a bait server for detecting the presence of a computer 
virus, the method comprising: 

not publishing the bait server's address to a network; 

receiving areouest for access from the nelwork, wherein receipt of the request indicates 
that a vinia is p resent; 

monitoring the notwork for th e prosonco of a oomputor virufl ? 

rosponflivQ to a dotoTOinQtion that a vinio ia dotcotc^ determining the identity of an 
offending system within the network from which the virus entered tfie network; 

notifying a local server of the presence of the virus and the identity of the offending 

system; 

instructing all devices within the network to ignore all requests ftom the offending system 
until the offending system has been disinfected and is available for network communication; 
directing the local server to disconnect the offending system from the network; and 
responsive to an indication that the ofifending system has been disinfected and re^onsive 
to a reconnect request firom the offending system to the local server, reconnecting the offending 
system to the network. 

17. (Previously presented) The method as recited in claim 10, further comprising: 
instructing all devices wittiin the network to ignore all requests from the offending system 

until the offending syston has been disinfected and is available for network communication* 

18. (Cancelled) 

19. (Cancelled) 

20. (Currently amcndod) A computer progtum product in a computer readable media for use 
in a data processing system for detecting the presence of a computer virus, the computer program 
product comprising; 
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first instructions for receiving, at a bait server, a request for access t o p e rform a funotion 
the bait server, wherein the ba it server's address is not published to a network and wherein 
receipt of the request indicates that a vinis attac k is in progress: 

second instructions for identi^ng an offending system from which the request 
originated; 

third instructions for alerting a local server that [[a]] the virus attack is in progress and the 
identity of the offending system; and 

fourth instructions for disconnecting the offending system from [[a]] tfic network. 

2 1 . (Original) The computer program product as recited in claim 20, further comprising: 
fifth instructions for, prior to disconnecting the offending system^ notifying the offending 

system that it is infected with a virus. 

22. (Original) The computer program product aa recited in claim 20, further comprising: 
fifth instructions for receiving a reconnect request from the ofTenduig system; 

sixth instructions for verifying that the offending system is disinfected and available to 
reconnect to the network; and 

seventh instructions for reconnecting the offending system to the network. 

23. (Cancelled) 

24. (Cancelled) 

25. (Cancelled) 

26. (Ctirrently amended) A computer program product in a computer readable media for use 
in a data processing system in a bait server for detecting the presence of a computer vims, the 
computer program product comprising: 

first instructions for not pubhshing the bait server*s address publisted to a network; 
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second instructions for monitoring (he n e twork foi th e pr e a e no e of a oomprut e r viruo; 
receiving a reque st for accesa from the network, wherein receipt of the request indicates that a 
yims is present: 

tlurd iastruotion o» r e aponoive to a d e tormimition that a vimo io d e t e otod^ for determining 
the identity of an offending system within the network from which the virus entered the network; 

fourth instructions for notifying a local server of the presence of the virus and the identity 
of the off^ding syst^; 

fifth instructions for instructing all devices within the network to ignore all requests from 
the offending system until the offending system is reauthorized for network communication; 

sixth instructions for directing a local server to disconnect the offending system from the 
network; and 

seventh instructions, responsive to an indication that the offending system has been 
dismfected and responsive to a reconnect request from the offending system to the local server* 
for reconnecting the offending system to the network. 

27. (Previously presented) The computer program product as recited in claim 20, further 
comprising; 

fifth instructions for instructing all devices within die network to ignore all requests fix>xn 
the offending system until the offending system is reauthorized for network communication. 

28, (CanccUed) 
29* (Cancelled) 

30. (Currently amended) A system for detecting the presence of a computer virus, the system 
comprising; 

a receiver, at a bait server, which receives a request for access to perfomi a function on 
the bait serve r, wherein the bait server's address is not nublished to a network and wherein 
receipt of the request indicates that a virus attack is in progress : 

an identifying unit which identifies an offending system from which the request 
originated; 
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[aft] a virus alert unit which alerts a local server that [[ft]] tiK© virus attack is in progress 
and the identity of the offending system; and 

a disconnection unit which disconnects the offending system from [[a]] ^ network. 

31. (Original) The system as recited in claim 30, further coniprising; 

a notification unit which, prior to disconnecting the ofiFending system, notifies the 
ofjfending system that it is infected with a vims. 

32. (Original) The system as recited in claim 30, further comprising: 

a reconnect request unit which receives a reconnect request from the offending system; 
a verification unit which verifies that the offending system is authorized to reconnect to 
the network; and 

a reconnecting unit which reconnects the offending system to the network, 

33. (Cancelled) 

34. (Cancelled) 

35. (Cancelled) 

36. (Currently amended) A system in a bait server for detecting the presence of a computer 
virus, the system comprising: 

a monitoring receiving unit which receives a request for access from a network, mmitora 
a network for the piparoo e of a e omputor viru s? wherein the bait server's address is not pubKshed 
to the network and wherein receipt of the request indicates that a virus is present : 

an identifier Halt whic h, r e oponoivo to a doto xu iination that a ^aruo ifl dotooted, determines 
the identity of an offending system within the network &om which the virus entered the network; 

a notification unit which notifies a local server of the presence of the virus and the 
identity of the offending system; 
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a network protection unit which instructs all devices within the network to ignore all 
requests &om the offending Bystem until the ofTending system is r^uthorized for network 
communication; [[«Hd]] 

a disconnection unit which directs a local server to disconnect tixe offending system from 
the networkfHl : and 

a reconnection unit which, responsive to an indication that the offending system has been 
disinfected and responsive to a reconnect request fiom the offending system to the local server, 
reconnects the offending system to the network, 

37. (Previously preBented) The system as recited in claim 30, further coniprising: 

a networic protection miit which instructs all devices within the network to ignore all 
requests from the offending system until the offending system is reauthorized for network 
communication. 

38* (Cancelled) 

39. (Cancelled) 
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